[Git][security-tracker-team/security-tracker][master] Add CVE-2022-0338/loguru

Wed, 26 Jan 2022 01:00:07 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bade5a4a by Salvatore Bonaccorso at 2022-01-26T09:58:05+01:00
Add CVE-2022-0338/loguru

I'm marking this as unimportant as the action taken by upstream seems to
be to clarify the documentation with respect to security considerations
to be taken and documenting best practices.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -655,7 +655,10 @@ CVE-2022-23849
 CVE-2022-0339
        RESERVED
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. 
...)
-       TODO: check
+       - loguru <unfixed> (unimportant)
+       NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
+       NOTE: Document best practices for security: 
https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
+       NOTE: loguru documents security considerations and best practices to 
follow
 CVE-2022-23848
        RESERVED
 CVE-2022-23847



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bade5a4a2609205ebab035b7848eb5391eb57947

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bade5a4a2609205ebab035b7848eb5391eb57947
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to